Published crate versions are not immutable, and have changed

[kornelski]

Current Behavior

Usually crates.io refuses to change existing releases. However, if a crate is deleted (by admins), then it's possible to reclaim the name, and publish the same version of the same crate with a new content.

This means that the index (apart from yanking) isn't truly immutable/append-only. It's possible that for a given (crate_name, version) there will be a different content at different times.

This edge case creates problems:

• It complicates registry caching/mirroring. I can't assume that each crate version is published only once ever. Tarballs are downloaded by name & version, but must match the checksum in the index (BTW, static.crates.io sends cache-control: public,max-age=31536000,immutable which isn't correct!). Properly supporting that edge case requires ability to purge caches.

• Similarly, it complicates data analysis. I can't assume that data derived from a release won't change, so I need to have ability to update previously processed data. I've assumed that the registry data is append-only and crate tarballs can't change, and ended up with inconsistent data on https://lib.rs for republished crates.

• It prevents implementation of an extra TOFU-like security for clients. I wanted to add an extra layer of security to my crates.io mirror (and propose a similar policy in Cargo) that enforced that checksums of published crates must never change. This would ensure that existing releases couldn't be modified even if crates.io itself was hacked, and any attempts to do so could be detected and raise an alarm (I know crates.io is working on a proper security model, but this would have been an improvement without protocol changes). Unfortunately, the possibility of delete + republish legitimately changing the content of old crates is an exception that makes checksums effectively mutable.

Expected Behavior

Would it be possible for crates.io to make checksums always immutable?

Steps To Reproduce

1. Claim a previously deleted crate.
2. Publish a version that used to exist.

Environment

N/A

Anything else?

The checksum changes happened quite a few times:

• grepster@0 rust-lang/crates.io-index@2c48e88 rust-lang/crates.io-index@347513a
• blanketops rust-lang/crates.io-index@6322e0a rust-lang/crates.io-index@14afa46
• formula-example rust-lang/crates.io-index@00907cc rust-lang/crates.io-index@25143f7
• bothan-lib rust-lang/crates.io-index@1966ff8 rust-lang/crates.io-index@774ab8f
• solana-rpc rust-lang/crates.io-index@c5ba983 rust-lang/crates.io-index@8ee739c
• windows_firewall rust-lang/crates.io-index@8befa83 rust-lang/crates.io-index@7868732 rust-lang/crates.io-index@73c4ff3
• scirs2@0.1 rust-lang/crates.io-index@b73f0b7 rust-lang/crates.io-index@3cbca52
• kimai_client_lib rust-lang/crates.io-index@78e317b rust-lang/crates.io-index@c3bdfd2
• useless_setter_maker rust-lang/crates.io-index@59d6db3 rust-lang/crates.io-index@74b2153
• lud@0.1.0 rust-lang/crates.io-index@71f93cc rust-lang/crates.io-index@8719a16
• nexum-apdu rust-lang/crates.io-index@bb5b915 rust-lang/crates.io-index@ba9099f
• qrypto@0.1 rust-lang/crates.io-index@1b3af4f rust-lang/crates.io-index@af4c874
• gettype@1 rust-lang/crates.io-index@12b921e rust-lang/crates.io-index@a0dbabb
• simplicity rust-lang/crates.io-index@8fb2750 rust-lang/crates.io-index@cb0978b
• simplicity rust-lang/crates.io-index@f126031 rust-lang/crates.io-index@09b23e8
• simplicity rust-lang/crates.io-index@09b23e8 rust-lang/crates.io-index@2f0a913
• simplicity rust-lang/crates.io-index@cb0978b rust-lang/crates.io-index@849beb0
• goruath@0 rust-lang/crates.io-index@b40836a rust-lang/crates.io-index@8434e12
• goruath@0 rust-lang/crates.io-index@37d613a
• evaianalyzer rust-lang/crates.io-index@56d12e9 rust-lang/crates.io-index@6fffab2
• tokenise@0 rust-lang/crates.io-index@12adb50 rust-lang/crates.io-index@8bff037
• bevy_toolbox rust-lang/crates.io-index@6e896af rust-lang/crates.io-index@d39b71a
• ark-secp256k1 rust-lang/crates.io-index@7e10d46 rust-lang/crates.io-index@37a6e59
• ark-secp256k1 rust-lang/crates.io-index@cf5f766 rust-lang/crates.io-index@b9608c9
• oze-canopen rust-lang/crates.io-index@5eae58e rust-lang/crates.io-index@101a0ec
• recall_entangler rust-lang/crates.io-index@ba46082 rust-lang/crates.io-index@b304c37
• notemancy rust-lang/crates.io-index@fa03ed8 rust-lang/crates.io-index@42862c1
• elys-std@0 rust-lang/crates.io-index@5fd4cc2 rust-lang/crates.io-index@9517ef4
• elys-std-derive rust-lang/crates.io-index@561b409 rust-lang/crates.io-index@be4d94d
• byted-metrics rust-lang/crates.io-index@b6890a6 rust-lang/crates.io-index@73db2bb
• qrypto@0.1 rust-lang/crates.io-index@af4c874 rust-lang/crates.io-index@4b61bdd
• byted-trace rust-lang/crates.io-index@5fa4016 rust-lang/crates.io-index@1914ce4
• squam-cli rust-lang/crates.io-index@b8ed150 rust-lang/crates.io-index@0856200
• bytekv@0.0 rust-lang/crates.io-index@d362bfb rust-lang/crates.io-index@44bac90
• byted-metrics rust-lang/crates.io-index@81d9ff1 rust-lang/crates.io-index@c03c0d6
• byted-mesh rust-lang/crates.io-index@3d4b5df rust-lang/crates.io-index@965a21c
• byted-lang rust-lang/crates.io-index@5fa060c rust-lang/crates.io-index@b6cf21a
• byted-context rust-lang/crates.io-index@6a31449 rust-lang/crates.io-index@19af846
• byted-axum rust-lang/crates.io-index@10b4124 rust-lang/crates.io-index@5022aaf
• byted-jwt rust-lang/crates.io-index@5eaa5e4 rust-lang/crates.io-index@a8affba
• byted-bconfig rust-lang/crates.io-index@17b6273 rust-lang/crates.io-index@1cdc8d1
• land@0.0.1 rust-lang/crates.io-index@1ab715f rust-lang/crates.io-index@f885f27
• byted-jemalloc rust-lang/crates.io-index@4da1052 rust-lang/crates.io-index@63f29c9
• byted-logid rust-lang/crates.io-index@decf5e0 rust-lang/crates.io-index@3e941d6
• byted-log rust-lang/crates.io-index@5a11389 rust-lang/crates.io-index@754efdb
• byted-device rust-lang/crates.io-index@dcccced rust-lang/crates.io-index@bda8ed9
• byted-crypto rust-lang/crates.io-index@16b950c rust-lang/crates.io-index@5d32d39
• molten-log rust-lang/crates.io-index@577576e rust-lang/crates.io-index@4ddeb6a
• squam@0.0 rust-lang/crates.io-index@aa9bdf9 rust-lang/crates.io-index@30da79a
• byted-rds rust-lang/crates.io-index@b79b78a rust-lang/crates.io-index@d7cdcb9
• squam-derive rust-lang/crates.io-index@0093d34 rust-lang/crates.io-index@3d4a90e
• lark-update rust-lang/crates.io-index@95e2879 rust-lang/crates.io-index@b3d78b4
• byted-sd@0 rust-lang/crates.io-index@1f04b6f rust-lang/crates.io-index@1e0c9ef
• byteset_route_plugin rust-lang/crates.io-index@e9dabbe rust-lang/crates.io-index@84045a2
• byteset_sdk_rust rust-lang/crates.io-index@c640176 rust-lang/crates.io-index@77d0ff7
• byted-jemallocator rust-lang/crates.io-index@1897c22 rust-lang/crates.io-index@2690c3a
• byted-fasttext rust-lang/crates.io-index@74814fb rust-lang/crates.io-index@1a7e5b0
• byted-version rust-lang/crates.io-index@e2c483c rust-lang/crates.io-index@bccd2af
• squam-typed rust-lang/crates.io-index@b309b9d rust-lang/crates.io-index@d385ec8
• squam-macros rust-lang/crates.io-index@79f5a6a rust-lang/crates.io-index@7f501a0
• molten-cli rust-lang/crates.io-index@c9a0c12 rust-lang/crates.io-index@43da074
• byted-dps rust-lang/crates.io-index@4141260 rust-lang/crates.io-index@f571de2
• byted-spiffe rust-lang/crates.io-index@b840818 rust-lang/crates.io-index@8e60909
• byted-sd-monoio rust-lang/crates.io-index@6ddf9bd rust-lang/crates.io-index@23a1a60
• byted-context rust-lang/crates.io-index@05cc256 rust-lang/crates.io-index@e5c9877
• byted-rt@0 rust-lang/crates.io-index@a2ffa2f rust-lang/crates.io-index@ffe0643
• molten-ffi rust-lang/crates.io-index@5d1cbff rust-lang/crates.io-index@a0600e7
• byted-sqlx rust-lang/crates.io-index@4082980 rust-lang/crates.io-index@783dec1
• squam-migrations rust-lang/crates.io-index@f006f43 rust-lang/crates.io-index@67c6ded
• byted-kms rust-lang/crates.io-index@f859c05 rust-lang/crates.io-index@dfbaa9e
• byted-async rust-lang/crates.io-index@cbfed3a rust-lang/crates.io-index@9f08656
• byted-tcc rust-lang/crates.io-index@46800de rust-lang/crates.io-index@6ae5be3
• byted-trace rust-lang/crates.io-index@f39064b rust-lang/crates.io-index@5cd13d3
• lark-molten rust-lang/crates.io-index@ad6f0ee rust-lang/crates.io-index@3dac7d0
• byted-logid rust-lang/crates.io-index@ef21101 rust-lang/crates.io-index@5badbf3
• squam-config rust-lang/crates.io-index@03d3999 rust-lang/crates.io-index@06ef7d5
• catalyst@0 rust-lang/crates.io-index@31fac97 rust-lang/crates.io-index@a09d62b
• byted-rmq rust-lang/crates.io-index@8334e3d rust-lang/crates.io-index@24ecca1
• bytecore@0 rust-lang/crates.io-index@04601c0 rust-lang/crates.io-index@eb28fd1
• bytedoc@0 rust-lang/crates.io-index@4a04731 rust-lang/crates.io-index@9583114
• byted-env rust-lang/crates.io-index@044935d rust-lang/crates.io-index@511664d
• molten-ffi rust-lang/crates.io-index@a431264 rust-lang/crates.io-index@020d14c
• molten-ffi rust-lang/crates.io-index@090082c rust-lang/crates.io-index@ca2a28c
• molten-ffi rust-lang/crates.io-index@f537bdc rust-lang/crates.io-index@486870e
• molten-ffi rust-lang/crates.io-index@b8a1793 rust-lang/crates.io-index@1227a37
• molten-ffi rust-lang/crates.io-index@c634b6f rust-lang/crates.io-index@6c54d7e
• molten-ffi rust-lang/crates.io-index@27c7825 rust-lang/crates.io-index@d6412ed
• byted-redis rust-lang/crates.io-index@3aa3c44 rust-lang/crates.io-index@ade0693
• squam-migration rust-lang/crates.io-index@46bfd1b rust-lang/crates.io-index@a3483d3
• byted-tcc rust-lang/crates.io-index@7bd06f5 rust-lang/crates.io-index@6e39e47
• legoc@0.0 rust-lang/crates.io-index@ee9ea1d rust-lang/crates.io-index@f4cf5ce
• lego-core rust-lang/crates.io-index@6fa8913 rust-lang/crates.io-index@f1af782
• bytestyle rust-lang/crates.io-index@dc8b6f1 rust-lang/crates.io-index@c938fc3
• tot-tcc-derive rust-lang/crates.io-index@21fbb00 rust-lang/crates.io-index@25ea767
• bv-actor-derive rust-lang/crates.io-index@32e728b rust-lang/crates.io-index@9a9cb50
• byted-jemalloc rust-lang/crates.io-index@1cda929 rust-lang/crates.io-index@da07b8e
• byteset-lust rust-lang/crates.io-index@07d2663 rust-lang/crates.io-index@3f074a1
• byted-metrics rust-lang/crates.io-index@73db2bb rust-lang/crates.io-index@f0a4306
• byteset-core rust-lang/crates.io-index@9f79ca6 rust-lang/crates.io-index@3386139
• byteset_sdk rust-lang/crates.io-index@4508986 rust-lang/crates.io-index@e66a929
• rave_engine rust-lang/crates.io-index@a207b70 rust-lang/crates.io-index@d9a69db
• emd-ebpf@1 rust-lang/crates.io-index@eee1de8 rust-lang/crates.io-index@a16da11
• emd-common rust-lang/crates.io-index@f12b4b7 rust-lang/crates.io-index@5798513
• mountpoint rust-lang/crates.io-index@9ac20dc rust-lang/crates.io-index@451ad34
• feather@0 rust-lang/crates.io-index@a541848 rust-lang/crates.io-index@8faa20a
• volcengine rust-lang/crates.io-index@c477377 rust-lang/crates.io-index@8779cd3
• volcengine rust-lang/crates.io-index@72c6418 rust-lang/crates.io-index@8779cd3
• volcengine rust-lang/crates.io-index@35a4464 rust-lang/crates.io-index@e2c2984
• merka-vault rust-lang/crates.io-index@d8a893a rust-lang/crates.io-index@ac59ea5
• mobc-surrealdb rust-lang/crates.io-index@aa9bcae rust-lang/crates.io-index@c0bc2d4
• sudoku_machine rust-lang/crates.io-index@600df49 rust-lang/crates.io-index@913dff5
• rustyray@0 rust-lang/crates.io-index@3d1979a rust-lang/crates.io-index@b67cd73
• rustyray@0 rust-lang/crates.io-index@e3185c9
• lsp-client rust-lang/crates.io-index@6e45654 rust-lang/crates.io-index@ea0571f
• nu_plugin_port_extension rust-lang/crates.io-index@42cd8cf rust-lang/crates.io-index@93cb852
• palmfft@1 rust-lang/crates.io-index@d15e3f5 rust-lang/crates.io-index@f65c158
• palmfft@1 rust-lang/crates.io-index@f65c158 rust-lang/crates.io-index@b30dbdf
• changenog rust-lang/crates.io-index@6180c03 rust-lang/crates.io-index@2f83d11
• changenog rust-lang/crates.io-index@78e06d8 rust-lang/crates.io-index@bcc659f
• crypto-primality rust-lang/crates.io-index@94b7dbc rust-lang/crates.io-index@cbc8d56
• langfuse@0 rust-lang/crates.io-index@1a43ab6 rust-lang/crates.io-index@62441a2
• okamoto@0 rust-lang/crates.io-index@660cb2c rust-lang/crates.io-index@c543fd9
• atlas_vm@0 rust-lang/crates.io-index@540340f rust-lang/crates.io-index@733d3c5
• iris@0.1.0 rust-lang/crates.io-index@2e81345 rust-lang/crates.io-index@18fbba5
• bandurria rust-lang/crates.io-index@7930b57 rust-lang/crates.io-index@b74de1e
• getquotes rust-lang/crates.io-index@46c7d9c rust-lang/crates.io-index@e73978b
• hashinator rust-lang/crates.io-index@f16bf12 rust-lang/crates.io-index@b72de35 rust-lang/crates.io-index@f290761
• aoe2rec-js rust-lang/crates.io-index@24f8fcd rust-lang/crates.io-index@6650da0
• semaphore rust-lang/crates.io-index@3179684 rust-lang/crates.io-index@64b568d
• bot@0.1.0 rust-lang/crates.io-index@773c254 rust-lang/crates.io-index@6358225
• cord-nvim rust-lang/crates.io-index@81a9536 rust-lang/crates.io-index@ccf6314
• cord-nvim rust-lang/crates.io-index@24b1576 rust-lang/crates.io-index@ccf6314
• maidenx_cuda rust-lang/crates.io-index@478dd85 rust-lang/crates.io-index@6150b3e
• maidenx_cpu rust-lang/crates.io-index@49766db rust-lang/crates.io-index@5d50311
• deltaml@0 rust-lang/crates.io-index@88f5015 rust-lang/crates.io-index@c7eab66
• ng-i18n@0 rust-lang/crates.io-index@20aa5a8 rust-lang/crates.io-index@ecfe7ab
• bartender rust-lang/crates.io-index@f2e4300 rust-lang/crates.io-index@e0525ac
• sound-tts rust-lang/crates.io-index@e09ab16 rust-lang/crates.io-index@832f6bc rust-lang/crates.io-index@0f1bb91 rust-lang/crates.io-index@aa5b9ba rust-lang/crates.io-index@3d90854
• y@0.0.0 rust-lang/crates.io-index@4f8e49b rust-lang/crates.io-index@d250332
• h@0.0.0 rust-lang/crates.io-index@5d62092 rust-lang/crates.io-index@dc148bd
• rickroll@0 rust-lang/crates.io-index@160c533 rust-lang/crates.io-index@140ffbc
• aizs@0.1.3 rust-lang/crates.io-index@e5dcdbf rust-lang/crates.io-index@4abf758
• aiassistant rust-lang/crates.io-index@f657109 rust-lang/crates.io-index@0b5a541 rust-lang/crates.io-index@473c0f8 rust-lang/crates.io-index@61196ec
• start@0.1 rust-lang/crates.io-index@9dc274a rust-lang/crates.io-index@199428a
• cloud@0.1 rust-lang/crates.io-index@3cb63af rust-lang/crates.io-index@db36b97
• sys@0.1.0 rust-lang/crates.io-index@10a02a1 rust-lang/crates.io-index@563c319
• iot@0.1.0 rust-lang/crates.io-index@f1a64cd rust-lang/crates.io-index@ae7a9e0
• data@0.1.0 rust-lang/crates.io-index@10aac59 rust-lang/crates.io-index@d607d5c
• db@0.1.0 rust-lang/crates.io-index@61b1f1e rust-lang/crates.io-index@880f981
• as@0.1.0 rust-lang/crates.io-index@e11e6d6 rust-lang/crates.io-index@25744c8
• aizs@0.1.0 rust-lang/crates.io-index@0ec60b7 rust-lang/crates.io-index@e55feec rust-lang/crates.io-index@cc6ca8c
• protego@0 rust-lang/crates.io-index@745e308 rust-lang/crates.io-index@a35271c
• buggy@0.1 rust-lang/crates.io-index@acf159a rust-lang/crates.io-index@71517c8
• tale@0.1.0 rust-lang/crates.io-index@8655330 rust-lang/crates.io-index@8533e7d
• envs-cli@0 rust-lang/crates.io-index@4ee76e4 rust-lang/crates.io-index@d9e9629
• dm@0.1.0 rust-lang/crates.io-index@740d287 rust-lang/crates.io-index@2a83ea7
• bash@0.1.0 rust-lang/crates.io-index@258108a rust-lang/crates.io-index@98bc981
• etc. the list is not complete.

[kornelski]

I realize this is a complication for anti-spam actions, and ends up "wasting" potentially nice versions on spam. Possible solutions:

• Keep deleting crates if needed, but also keep an extra table server-side with (name, version) => checksum mapping that never gets removed. Refuse to publish the same (name, version) if the checksum differs. If a new owner hits this case, tell them to bump the version. I think that's the best, least disruptive solution.
• Yank all existing versions, remove all owners, but don't delete the crates. Display these crates as non-existent/deleted on the web front-end, but keep versions and their checksums intact in the index.
• I've suggested previously that if crates.io were to give abandoned or squatted crates to new owners, it could forbid the new owners from publishing old semver-compatible versions to prevent new owners from automatically affecting any potential old users (have a concept of a minimum version that can be published, and set it to semver-major+1 of the previous owner's versions). This logic could be reused for deleted & reclaimed crates, although it's not ideal in case of spam.